Sanitize File - CDR - ThreatZone

This playbook is part of the ThreatZone Pack.

Supported versions

Supported Cortex XSOAR versions: 6.9.0 and later.

Sanitize one file using the ThreatZone CDR integration. Returns relevant reports to the War Room and file reputations to the context data. CDR Scan Extensions: doc, docm, docx, dotm, ppt, pptm, pptx, xls, xlsm, pdf, odc, odt, ott, odp, otp, ods, ots, rtf, tiff, jpeg, png, gif, bmp, webp, jpx, svg, zip, xml, ics, html, lnk, xlsx.

Dependencies

This playbook uses the following sub-playbooks, integrations, and scripts.

Sub-playbooks

  • GenericPolling

Integrations

  • ThreatZone

Scripts

This playbook does not use any scripts.

Commands

  • tz-get-result
  • tz-cdr-upload-sample
  • tz-get-sanitized

Playbook Inputs

| Name | Description | Default Value | Required |
| --- | --- | --- | --- |
| File | File object of the file to analyze. The File is taken from the context. | File | Optional |
| Interval | Duration for executing the polling (in minutes) | 1 | Optional |
| Timeout | The duration after which to stop polling and to resume the playbook (in minutes) | 15 | Optional |

Playbook Outputs

| Path | Description | Type |
| --- | --- | --- |
| ThreatZone.Analysis.STATUS | The status of the submission scanning process. | String |
| ThreatZone.Analysis.LEVEL | Threat level of the scanned file (malicious, suspicious or informative). | String |
| ThreatZone.Analysis.URL | The result page URL of the submission. | String |
| ThreatZone.Analysis.INFO | Contains the file name, scan process status and public status. | String |
| ThreatZone.Analysis.REPORT | The analysis report of the submission. | String |
| ThreatZone.Analysis.MD5 | The MD5 hash of the submission. | String |
| ThreatZone.Analysis.SHA1 | The SHA1 hash of the submission. | String |
| ThreatZone.Analysis.SHA256 | The SHA256 hash of the submission. | String |
| ThreatZone.Analysis.UUID | The UUID of the submission. | String |
| ThreatZone.Analysis.SANITIZED | The URL of the sanitized file. | String |

Playbook Image

[Image: Sanitize File - CDR - ThreatZone]